Amd64/misc 64bit fixes (#236)
/******************************************************************************
 *                         Security Manager Types                             *
 ******************************************************************************/
$if (_WDMDDK_ || _WINNT_)

/* Simple types */

/* Opaque handle types. A security descriptor, an access token and a SID are
 * handed around as PVOID at this level; the public layouts that exist
 * (SECURITY_DESCRIPTOR, SID) are declared further down in this file. Code
 * that receives one of these from a less trusted caller has to validate the
 * buffer against that layout before dereferencing through it. */
typedef PVOID PSECURITY_DESCRIPTOR;
/* Bitmask built from the *_SECURITY_INFORMATION flags declared below. */
typedef $ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
/* 32-bit bitmask of specific, standard and generic rights
 * (see DELETE .. GENERIC_ALL below). */
typedef $ULONG ACCESS_MASK, *PACCESS_MASK;

typedef PVOID PACCESS_TOKEN;
typedef PVOID PSID;
13
/* Standard rights: bits 16..20 of an ACCESS_MASK, common to all object types. */
#define DELETE 0x00010000L
#define READ_CONTROL 0x00020000L
#define WRITE_DAC 0x00040000L
#define WRITE_OWNER 0x00080000L
#define SYNCHRONIZE 0x00100000L
/* DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER; SYNCHRONIZE is not included. */
#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
/* All three groups deliberately collapse to READ_CONTROL (this matches the
 * Windows SDK); the read/write/execute distinction lives in the
 * object-specific low 16 bits, not in the standard rights. */
#define STANDARD_RIGHTS_READ READ_CONTROL
#define STANDARD_RIGHTS_WRITE READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE READ_CONTROL
/* STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE. */
#define STANDARD_RIGHTS_ALL 0x001F0000L
/* Object-type-specific rights occupy the low 16 bits. */
#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL
/* Bit 24: access to the SACL. Conventionally gated by SE_SECURITY_PRIVILEGE
 * rather than by a DACL grant, so treat a request carrying it as privileged. */
#define ACCESS_SYSTEM_SECURITY 0x01000000L
/* Bit 25: request-time flag ("grant whatever the DACL allows"); it is not a
 * right that should be stored in an ACE. */
#define MAXIMUM_ALLOWED 0x02000000L
/* Bits 28..31: generic rights. They must be translated into specific rights
 * through a GENERIC_MAPPING before being compared against an ACE mask. */
#define GENERIC_READ 0x80000000L
#define GENERIC_WRITE 0x40000000L
#define GENERIC_EXECUTE 0x20000000L
#define GENERIC_ALL 0x10000000L
31
/* Per-object-type translation table: each member is the specific ACCESS_MASK
 * that the corresponding GENERIC_* bit expands to for that object type. */
typedef struct _GENERIC_MAPPING {
  ACCESS_MASK GenericRead;     /* expansion of GENERIC_READ */
  ACCESS_MASK GenericWrite;    /* expansion of GENERIC_WRITE */
  ACCESS_MASK GenericExecute;  /* expansion of GENERIC_EXECUTE */
  ACCESS_MASK GenericAll;      /* expansion of GENERIC_ALL */
} GENERIC_MAPPING, *PGENERIC_MAPPING;
38
/* ACL revisions. ACL_REVISION (2) is the plain form; ACL_REVISION_DS (4) is
 * required for ACLs that contain object ACEs (ACCESS_*_OBJECT_ACE_TYPE). */
#define ACL_REVISION 2
#define ACL_REVISION_DS 4

#define ACL_REVISION1 1
#define ACL_REVISION2 2
#define ACL_REVISION3 3
#define ACL_REVISION4 4
/* Only revisions 2..4 are accepted; revision 1 is outside the valid range. */
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION4
48
/* Header of an access-control list; the ACEs follow it immediately in memory.
 * All fields are 8 or 16 bits wide, so an ACL including its ACEs is bounded at
 * 64 KiB. A parser must check AclSize against the size of the buffer that
 * holds the ACL, and each ACE's AceSize against AclSize, before walking
 * AceCount entries. */
typedef struct _ACL {
  $UCHAR AclRevision;  /* ACL_REVISION or ACL_REVISION_DS */
  $UCHAR Sbz1;         /* reserved ("should be zero") */
  $USHORT AclSize;     /* total size in bytes, header included */
  $USHORT AceCount;    /* number of ACEs following the header */
  $USHORT Sbz2;        /* reserved ("should be zero") */
} ACL, *PACL;
56
/* Current security descriptor revision value */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)

/* Privilege attributes (LUID_AND_ATTRIBUTES.Attributes bits). */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
/* Marks a privilege for removal from the token rather than for disabling. */
#define SE_PRIVILEGE_REMOVED (0x00000004L)
/* Set by the access check to record that the privilege was actually used. */
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)

/* Any attribute bit outside this mask is invalid and should be rejected. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
  SE_PRIVILEGE_ENABLED | \
  SE_PRIVILEGE_REMOVED | \
  SE_PRIVILEGE_USED_FOR_ACCESS)
71
/* A privilege identifier (LUID) paired with its SE_PRIVILEGE_* attributes.
 * pshpack4.h pins the layout to 4-byte packing so it does not depend on the
 * compiler's default alignment; poppack.h restores the previous setting. */
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES {
  LUID Luid;          /* privilege value, e.g. SE_*_PRIVILEGE in the low part */
  $ULONG Attributes;  /* SE_PRIVILEGE_* bits, see SE_PRIVILEGE_VALID_ATTRIBUTES */
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
#include <poppack.h>

/* Open-ended array forms used for variable-length privilege lists. */
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
81
/* Privilege sets */
/* Control flag: every privilege in the set is required, not just one of them. */
#define PRIVILEGE_SET_ALL_NECESSARY (1)

/* Variable-length set of privileges. Privilege[] has PrivilegeCount entries;
 * when the set arrives in a caller-supplied buffer, PrivilegeCount has to be
 * checked against the buffer length before the array is read. */
typedef struct _PRIVILEGE_SET {
  $ULONG PrivilegeCount;                          /* entries in Privilege[] */
  $ULONG Control;                                 /* PRIVILEGE_SET_ALL_NECESSARY or 0 */
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];   /* trailing open-ended array */
} PRIVILEGE_SET, *PPRIVILEGE_SET;
90
/* How much of a client's identity a server may assume, ordered from least to
 * most powerful. SecurityIdentification lets the server query the identity
 * only; SecurityImpersonation and SecurityDelegation let it act as the client. */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;

#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
/* Range check for a level received from a caller; the lower bound compares
 * against 0 and is therefore trivially true for unsigned enum values. */
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))

/* Context tracking modes for SECURITY_QUALITY_OF_SERVICE.ContextTrackingMode. */
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)
105
/* SECURITY_DYNAMIC_TRACKING or SECURITY_STATIC_TRACKING. */
typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;

/* Client-side limits on how a server may impersonate it. Length is the
 * structure size; a receiver should reject a Length that does not match
 * sizeof(SECURITY_QUALITY_OF_SERVICE) before trusting the other fields. */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
  $ULONG Length;                                      /* sizeof(SECURITY_QUALITY_OF_SERVICE) */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;    /* highest level granted to the server */
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; /* dynamic vs. static tracking */
  BOOLEAN EffectiveOnly;                              /* TRUE: server sees only enabled groups/privileges */
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
114
/* Saved impersonation state of a thread, used to restore the previous token
 * after a temporary impersonation. */
typedef struct _SE_IMPERSONATION_STATE {
  PACCESS_TOKEN Token;                /* token that was active; may be NULL */
  BOOLEAN CopyOnOpen;
  BOOLEAN EffectiveOnly;
  SECURITY_IMPERSONATION_LEVEL Level; /* level the token was used at */
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
121
122
/* SECURITY_INFORMATION bits: which parts of a security descriptor a query or
 * set operation refers to. SACL_SECURITY_INFORMATION implies access to the
 * audit ACL and is the privileged one of the group (see ACCESS_SYSTEM_SECURITY). */
#define OWNER_SECURITY_INFORMATION (0x00000001L)
#define GROUP_SECURITY_INFORMATION (0x00000002L)
#define DACL_SECURITY_INFORMATION (0x00000004L)
#define SACL_SECURITY_INFORMATION (0x00000008L)
#define LABEL_SECURITY_INFORMATION (0x00000010L)

/* High bits: control whether the DACL/SACL being set is protected from, or
 * reopened to, inheritance from the parent object. */
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)

$endif (_WDMDDK_ || _WINNT_)
$if (_WDMDDK_)
136
/* Operation selector passed to an object's security-descriptor callback. */
typedef enum _SECURITY_OPERATION_CODE {
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
143
/* Fixed-capacity variant of PRIVILEGE_SET embedded in ACCESS_STATE so the
 * common case (up to three privileges) needs no allocation. Its first two
 * fields line up with PRIVILEGE_SET so the two can share a union. */
#define INITIAL_PRIVILEGE_COUNT 3

typedef struct _INITIAL_PRIVILEGE_SET {
  ULONG PrivilegeCount;                                    /* used entries, <= INITIAL_PRIVILEGE_COUNT */
  ULONG Control;                                           /* PRIVILEGE_SET_ALL_NECESSARY or 0 */
  LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];  /* inline storage */
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
151
/* Well-known privilege values (LUID low part). Values 0 and 1 are unused;
 * the valid range is SE_MIN_WELL_KNOWN_PRIVILEGE..SE_MAX_WELL_KNOWN_PRIVILEGE.
 * Several of these (e.g. SE_TCB_PRIVILEGE, SE_DEBUG_PRIVILEGE,
 * SE_LOAD_DRIVER_PRIVILEGE, SE_RESTORE_PRIVILEGE, SE_TAKE_OWNERSHIP_PRIVILEGE)
 * are conventionally treated as equivalent to full administrative control,
 * so they should be granted sparingly and audited when used. */
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
#define SE_CREATE_TOKEN_PRIVILEGE 2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
#define SE_LOCK_MEMORY_PRIVILEGE 4
#define SE_INCREASE_QUOTA_PRIVILEGE 5
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
#define SE_TCB_PRIVILEGE 7
#define SE_SECURITY_PRIVILEGE 8
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
#define SE_LOAD_DRIVER_PRIVILEGE 10
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
#define SE_SYSTEMTIME_PRIVILEGE 12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
#define SE_CREATE_PERMANENT_PRIVILEGE 16
#define SE_BACKUP_PRIVILEGE 17
#define SE_RESTORE_PRIVILEGE 18
#define SE_SHUTDOWN_PRIVILEGE 19
#define SE_DEBUG_PRIVILEGE 20
#define SE_AUDIT_PRIVILEGE 21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
#define SE_UNDOCK_PRIVILEGE 25
#define SE_SYNC_AGENT_PRIVILEGE 26
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
#define SE_MANAGE_VOLUME_PRIVILEGE 28
#define SE_IMPERSONATE_PRIVILEGE 29
#define SE_CREATE_GLOBAL_PRIVILEGE 30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE 32
#define SE_INC_WORKING_SET_PRIVILEGE 33
#define SE_TIME_ZONE_PRIVILEGE 34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35
/* Must be updated whenever a new privilege is appended above. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
188
/* Captured identity of the caller for an access check: the process's primary
 * token plus, if the thread is impersonating, the client token and the level
 * at which it may be used. */
typedef struct _SECURITY_SUBJECT_CONTEXT {
  PACCESS_TOKEN ClientToken;                       /* impersonation token, or NULL */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* meaningful when ClientToken != NULL */
  PACCESS_TOKEN PrimaryToken;                      /* process token */
  PVOID ProcessAuditId;                            /* opaque process identifier for auditing */
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
195
/* Per-open bookkeeping for an access check. The three ACCESS_MASK fields
 * partition the caller's request: what is still to be granted, what has
 * already been granted (e.g. by privilege), and the original request. */
typedef struct _ACCESS_STATE {
  LUID OperationID;
  BOOLEAN SecurityEvaluated;
  BOOLEAN GenerateAudit;
  BOOLEAN GenerateOnClose;
  BOOLEAN PrivilegesAllocated;                     /* presumably TRUE when Privileges.PrivilegeSet is heap-backed; confirm against callers */
  ULONG Flags;
  ACCESS_MASK RemainingDesiredAccess;              /* bits not yet granted */
  ACCESS_MASK PreviouslyGrantedAccess;             /* bits already granted */
  ACCESS_MASK OriginalDesiredAccess;               /* request as made by the caller */
  SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; /* who is asking */
  PSECURITY_DESCRIPTOR SecurityDescriptor;
  PVOID AuxData;
  /* InitialPrivilegeSet is the inline fixed-size form; PrivilegeSet is the
   * open-ended form. Their leading PrivilegeCount/Control fields overlap. */
  union {
    INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
    PRIVILEGE_SET PrivilegeSet;
  } Privileges;
  BOOLEAN AuditPrivileges;
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
217
/* File-system callback that releases a security descriptor previously exported
 * from the volume identified by Vcb. */
typedef VOID
(NTAPI *PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR)(
  _In_ PVOID Vcb,
  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
222
#ifndef _NTLSA_IFS_

#ifndef _NTLSA_AUDIT_
#define _NTLSA_AUDIT_

/* Capacity of SE_ADT_PARAMETER_ARRAY.Parameters[]. */
#define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28

#define SE_ADT_OBJECT_ONLY 0x1

/* SE_ADT_PARAMETER_ARRAY.Flags bits. */
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010

/* Size actually used by a parameter array: the full structure minus the
 * unused tail of Parameters[]. Only valid for
 * ParameterCount <= SE_MAX_AUDIT_PARAMETERS; a larger count makes the
 * subtraction wrap, so validate ParameterCount before using this on data
 * from a caller. */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
  ( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
  (SE_MAX_AUDIT_PARAMETERS - Parameters->ParameterCount) )
242
/* Type tag of an audit parameter; tells the consumer how to interpret
 * SE_ADT_PARAMETER_ARRAY_ENTRY.Data / Address. Values are sequential from 0. */
typedef enum _SE_ADT_PARAMETER_TYPE {
  SeAdtParmTypeNone = 0,
  SeAdtParmTypeString,
  SeAdtParmTypeFileSpec,
  SeAdtParmTypeUlong,
  SeAdtParmTypeSid,
  SeAdtParmTypeLogonId,
  SeAdtParmTypeNoLogonId,
  SeAdtParmTypeAccessMask,
  SeAdtParmTypePrivs,
  SeAdtParmTypeObjectTypes,
  SeAdtParmTypeHexUlong,
  SeAdtParmTypePtr,
  SeAdtParmTypeTime,
  SeAdtParmTypeGuid,
  SeAdtParmTypeLuid,
  SeAdtParmTypeHexInt64,
  SeAdtParmTypeStringList,
  SeAdtParmTypeSidList,
  SeAdtParmTypeDuration,
  SeAdtParmTypeUserAccountControl,
  SeAdtParmTypeNoUac,
  SeAdtParmTypeMessage,
  SeAdtParmTypeDateTime,
  SeAdtParmTypeSockAddr,
  SeAdtParmTypeSD,
  SeAdtParmTypeLogonHours,
  SeAdtParmTypeLogonIdNoSid,
  SeAdtParmTypeUlongNoConv,
  SeAdtParmTypeSockAddrNoPort,
  SeAdtParmTypeAccessReason
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
275
/* One object-type entry of a SeAdtParmTypeObjectTypes audit parameter. */
typedef struct _SE_ADT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;
  USHORT Level;           /* nesting level in the object-type tree */
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
282
/* One audit parameter. Small values live in Data[]; larger ones are referenced
 * through Address with Length bytes. Which is used depends on Type. */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
  ULONG Length;       /* byte length of the data behind Address */
  ULONG_PTR Data[2];  /* inline storage, pointer-sized on both 32- and 64-bit */
  PVOID Address;      /* out-of-line data, or NULL */
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
289
/* Why an access was granted or denied, one ACCESS_REASON value per bit of
 * AccessMask (32 entries, matching ACCESS_REASONS.Data[32]). */
typedef struct _SE_ADT_ACCESS_REASON {
  ACCESS_MASK AccessMask;
  ULONG AccessReasons[32];  /* ACCESS_REASON_TYPE | data, indexed by mask bit */
  ULONG ObjectTypeIndex;
  ULONG AccessGranted;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
297
/* A complete audit record as handed to the LSA. Parameters[] is sized for the
 * maximum; ParameterCount says how many entries are in use, and
 * LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE computes the bytes actually needed. */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG CategoryId;
  ULONG AuditId;
  ULONG ParameterCount;    /* used entries, must be <= SE_MAX_AUDIT_PARAMETERS */
  ULONG Length;
  USHORT FlatSubCategoryId;
  USHORT Type;
  ULONG Flags;             /* SE_ADT_PARAMETER* flag bits */
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
308
#endif /* !_NTLSA_AUDIT_ */
#endif /* !_NTLSA_IFS_ */
$endif (_WDMDDK_)
$if (_NTDDK_)
/* Legacy value; note it shares the number 6 with SE_MACHINE_ACCOUNT_PRIVILEGE
 * in the WDM section above, so the two cannot be told apart by value. */
#define SE_UNSOLICITED_INPUT_PRIVILEGE 6

$endif (_NTDDK_)
$if (_NTDDK_ || _WINNT_)
317
/* Selectors for well-known SIDs. The numeric values are part of the public
 * API, so new entries are appended with the next free value and existing
 * ones are never renumbered. The trailing comma after the last enumerator
 * requires C99 or later. */
typedef enum _WELL_KNOWN_SID_TYPE {
  WinNullSid = 0,
  WinWorldSid = 1,
  WinLocalSid = 2,
  WinCreatorOwnerSid = 3,
  WinCreatorGroupSid = 4,
  WinCreatorOwnerServerSid = 5,
  WinCreatorGroupServerSid = 6,
  WinNtAuthoritySid = 7,
  WinDialupSid = 8,
  WinNetworkSid = 9,
  WinBatchSid = 10,
  WinInteractiveSid = 11,
  WinServiceSid = 12,
  WinAnonymousSid = 13,
  WinProxySid = 14,
  WinEnterpriseControllersSid = 15,
  WinSelfSid = 16,
  WinAuthenticatedUserSid = 17,
  WinRestrictedCodeSid = 18,
  WinTerminalServerSid = 19,
  WinRemoteLogonIdSid = 20,
  WinLogonIdsSid = 21,
  WinLocalSystemSid = 22,
  WinLocalServiceSid = 23,
  WinNetworkServiceSid = 24,
  WinBuiltinDomainSid = 25,
  WinBuiltinAdministratorsSid = 26,
  WinBuiltinUsersSid = 27,
  WinBuiltinGuestsSid = 28,
  WinBuiltinPowerUsersSid = 29,
  WinBuiltinAccountOperatorsSid = 30,
  WinBuiltinSystemOperatorsSid = 31,
  WinBuiltinPrintOperatorsSid = 32,
  WinBuiltinBackupOperatorsSid = 33,
  WinBuiltinReplicatorSid = 34,
  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
  WinBuiltinRemoteDesktopUsersSid = 36,
  WinBuiltinNetworkConfigurationOperatorsSid = 37,
  WinAccountAdministratorSid = 38,
  WinAccountGuestSid = 39,
  WinAccountKrbtgtSid = 40,
  WinAccountDomainAdminsSid = 41,
  WinAccountDomainUsersSid = 42,
  WinAccountDomainGuestsSid = 43,
  WinAccountComputersSid = 44,
  WinAccountControllersSid = 45,
  WinAccountCertAdminsSid = 46,
  WinAccountSchemaAdminsSid = 47,
  WinAccountEnterpriseAdminsSid = 48,
  WinAccountPolicyAdminsSid = 49,
  WinAccountRasAndIasServersSid = 50,
  WinNTLMAuthenticationSid = 51,
  WinDigestAuthenticationSid = 52,
  WinSChannelAuthenticationSid = 53,
  WinThisOrganizationSid = 54,
  WinOtherOrganizationSid = 55,
  WinBuiltinIncomingForestTrustBuildersSid = 56,
  WinBuiltinPerfMonitoringUsersSid = 57,
  WinBuiltinPerfLoggingUsersSid = 58,
  WinBuiltinAuthorizationAccessSid = 59,
  WinBuiltinTerminalServerLicenseServersSid = 60,
  WinBuiltinDCOMUsersSid = 61,
  WinBuiltinIUsersSid = 62,
  WinIUserSid = 63,
  WinBuiltinCryptoOperatorsSid = 64,
  /* Integrity-level (mandatory label) SIDs, see SECURITY_MANDATORY_*_RID. */
  WinUntrustedLabelSid = 65,
  WinLowLabelSid = 66,
  WinMediumLabelSid = 67,
  WinHighLabelSid = 68,
  WinSystemLabelSid = 69,
  WinWriteRestrictedCodeSid = 70,
  WinCreatorOwnerRightsSid = 71,
  WinCacheablePrincipalsGroupSid = 72,
  WinNonCacheablePrincipalsGroupSid = 73,
  WinEnterpriseReadonlyControllersSid = 74,
  WinAccountReadonlyControllersSid = 75,
  WinBuiltinEventLogReadersGroup = 76,
  WinNewEnterpriseReadonlyControllersSid = 77,
  WinBuiltinCertSvcDComAccessGroup = 78,
  WinMediumPlusLabelSid = 79,
  WinLocalLogonSid = 80,
  WinConsoleLogonSid = 81,
  WinThisOrganizationCertificateSid = 82,
  /* App-container and capability SIDs. */
  WinApplicationPackageAuthoritySid = 83,
  WinBuiltinAnyPackageSid = 84,
  WinCapabilityInternetClientSid = 85,
  WinCapabilityInternetClientServerSid = 86,
  WinCapabilityPrivateNetworkClientServerSid = 87,
  WinCapabilityPicturesLibrarySid = 88,
  WinCapabilityVideosLibrarySid = 89,
  WinCapabilityMusicLibrarySid = 90,
  WinCapabilityDocumentsLibrarySid = 91,
  WinCapabilitySharedUserCertificatesSid = 92,
  WinCapabilityEnterpriseAuthenticationSid = 93,
  WinCapabilityRemovableStorageSid = 94,
  WinBuiltinRDSRemoteAccessServersSid = 95,
  WinBuiltinRDSEndpointServersSid = 96,
  WinBuiltinRDSManagementServersSid = 97,
  WinUserModeDriversSid = 98,
  WinBuiltinHyperVAdminsSid = 99,
  WinAccountCloneableControllersSid = 100,
  WinBuiltinAccessControlAssistanceOperatorsSid = 101,
  WinBuiltinRemoteManagementUsersSid = 102,
  WinAuthenticationAuthorityAssertedSid = 103,
  WinAuthenticationServiceAssertedSid = 104,
  WinLocalAccountSid = 105,
  WinLocalAccountAndAdministratorSid = 106,
  WinAccountProtectedUsersSid = 107,
} WELL_KNOWN_SID_TYPE;
428
$endif (_NTDDK_ || _WINNT_)
$if (_NTIFS_ || _WINNT_)

/* The 48-bit identifier authority of a SID, stored big-endian in six bytes
 * (e.g. SECURITY_NT_AUTHORITY is {0,0,0,0,0,5}, the "5" in S-1-5-...). */
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
typedef struct _SID_IDENTIFIER_AUTHORITY {
  $UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
#endif
438
/* Binary layout of a security identifier. The structure is variable-length:
 * SubAuthority[] holds SubAuthorityCount 32-bit entries, and the fixed part
 * is 8 bytes. Before computing a SID's length from SubAuthorityCount, a
 * validator must check Revision == SID_REVISION and
 * SubAuthorityCount <= SID_MAX_SUB_AUTHORITIES, and then check that length
 * against the containing buffer. */
#ifndef SID_DEFINED
#define SID_DEFINED
typedef struct _SID {
  $UCHAR Revision;                               /* SID_REVISION */
  $UCHAR SubAuthorityCount;                      /* 0..SID_MAX_SUB_AUTHORITIES */
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;  /* 6-byte authority */
#ifdef MIDL_PASS
  [size_is(SubAuthorityCount)] $ULONG SubAuthority[*];
#else
  $ULONG SubAuthority[ANYSIZE_ARRAY];            /* trailing open-ended array */
#endif
} SID, *PISID;
#endif
452
#define SID_REVISION 1
/* Upper bound for SID.SubAuthorityCount; any larger value is malformed. */
#define SID_MAX_SUB_AUTHORITIES 15
#define SID_RECOMMENDED_SUB_AUTHORITIES 1

/* Size of a buffer able to hold any valid SID: the fixed part (sizeof(SID)
 * minus its one built-in sub-authority) plus the maximum number of
 * sub-authorities. Evaluates to 68 bytes. */
#ifndef MIDL_PASS
#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof($ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof($ULONG)))
#endif
460
/* Kind of account a SID resolved to during name lookup. Starts at 1, so a
 * zero value is never a valid answer. */
typedef enum _SID_NAME_USE {
  SidTypeUser = 1,
  SidTypeGroup,
  SidTypeDomain,
  SidTypeAlias,
  SidTypeWellKnownGroup,
  SidTypeDeletedAccount,
  SidTypeInvalid,
  SidTypeUnknown,
  SidTypeComputer,
  SidTypeLabel
} SID_NAME_USE, *PSID_NAME_USE;
473
/* A SID reference paired with its group attributes (e.g. whether the group is
 * enabled or deny-only). The SID itself is not embedded; Sid points at it. */
typedef struct _SID_AND_ATTRIBUTES {
#ifdef MIDL_PASS
  PISID Sid;
#else
  PSID Sid;
#endif
  $ULONG Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
/* Open-ended array forms used for variable-length group lists. */
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
484
#define SID_HASH_SIZE 32
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;

/* A SID list together with a fixed-size hash over it, used to speed up
 * membership tests. Hash[] entries are pointer-sized, so the structure's
 * size differs between 32- and 64-bit builds. */
typedef struct _SID_AND_ATTRIBUTES_HASH {
  $ULONG SidCount;                    /* entries in SidAttr[] */
  PSID_AND_ATTRIBUTES SidAttr;
  SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
493
/* Universal well-known SIDs */

/* Identifier-authority initializers (six big-endian bytes) and the relative
 * identifiers (RIDs) that are appended to them. */

/* S-1-0 */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}

/* S-1-1 */
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}

/* S-1-2 */
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}

/* S-1-3 */
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}

/* S-1-4 */
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}

/* S-1-9 */
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}

/* S-1-0-0 (Nobody), S-1-1-0 (Everyone), S-1-2-0 (Local), S-1-2-1. */
#define SECURITY_NULL_RID (0x00000000L)
#define SECURITY_WORLD_RID (0x00000000L)
#define SECURITY_LOCAL_RID (0x00000000L)
#define SECURITY_LOCAL_LOGON_RID (0x00000001L)

/* S-1-3-x: placeholder SIDs replaced by the actual owner/group when an
 * inheritable ACE is propagated to a new object. */
#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
522
/* NT well-known SIDs */

/* S-1-5 */
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}

/* Single-RID SIDs directly under S-1-5 (S-1-5-<RID>). Several of these
 * identify logon types rather than accounts (DIALUP, NETWORK, BATCH,
 * INTERACTIVE, SERVICE, ANONYMOUS_LOGON). */
#define SECURITY_DIALUP_RID (0x00000001L)
#define SECURITY_NETWORK_RID (0x00000002L)
#define SECURITY_BATCH_RID (0x00000003L)
#define SECURITY_INTERACTIVE_RID (0x00000004L)
/* S-1-5-5-X-Y: logon session SIDs use two further sub-authorities. */
#define SECURITY_LOGON_IDS_RID (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT (3L)
#define SECURITY_SERVICE_RID (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
#define SECURITY_PROXY_RID (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
#define SECURITY_IUSER_RID (0x00000011L)
/* S-1-5-18 / -19 / -20: the three built-in service identities. */
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
/* S-1-5-21-A-B-C: machine/domain SIDs carry three more sub-authorities. */
#define SECURITY_NT_NON_UNIQUE (0x00000015L)
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)

/* S-1-5-32: parent of the BUILTIN aliases (DOMAIN_ALIAS_RID_*). */
#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
555
556
/* S-1-5-64-<package>: authentication-package SIDs. */
#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
#define SECURITY_PACKAGE_RID_COUNT (2L)
#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)

/* S-1-5-65-<type>: credential-type SIDs. */
#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
#define SECURITY_CRED_TYPE_RID_COUNT (2L)
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)

/* S-1-5-80 .. S-1-5-111: base RIDs of the per-service / virtual-account SID
 * families. Each *_ID_RID_COUNT gives the total sub-authority count of a SID
 * in that family (the base RID plus the identifying hash). */
#define SECURITY_MIN_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_RID_COUNT (6L)
#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
#define SECURITY_COM_ID_BASE_RID (0x00000059L)
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)

#define SECURITY_MAX_BASE_RID (0x0000006FL)

/* RIDs up to 999 are always filtered across trusts; 1000 and above never are. */
#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)

#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)

#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
594
/* Well-known domain relative sub-authority values (RIDs) */
/* These are appended to a domain SID (S-1-5-21-A-B-C-<RID>). */

#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)

#define FOREST_USER_RID_MAX (0x000001F3L)

/* Well-known users */

/* RID 500 is the built-in Administrator, 501 Guest, 502 the KDC account.
 * These accounts keep their RID even when renamed, so match on the RID, not
 * the name, when looking for them. */
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)

/* Highest well-known user RID; ordinary accounts start at 1000 (0x3E8). */
#define DOMAIN_USER_RID_MAX (0x000003E7L)
608
/* Well-known groups */
/* Domain-global groups (S-1-5-21-A-B-C-<RID>). Membership in ADMINS,
 * ENTERPRISE_ADMINS or SCHEMA_ADMINS is equivalent to domain/forest control. */

#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
621
/* Well-known aliases */
/* BUILTIN local groups: S-1-5-32-<RID> (SECURITY_BUILTIN_DOMAIN_RID). */

#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)

/* Operator groups; BACKUP_OPS in particular implies SE_BACKUP_PRIVILEGE /
 * SE_RESTORE_PRIVILEGE and should be treated as highly privileged. */
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)

#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)

#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)

/* Note the gaps (0x233..0x237, 0x23A): those RIDs are not defined here. */
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
653
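/* Mandatory integrity levels: S-1-16-<RID>. The RID encodes the level, in
 * steps of 0x1000, so levels compare numerically (higher RID = more trusted). */
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)

/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
   can be set by a usermode caller.*/

#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID

/* Converts an integrity level index (0 = untrusted, 1 = low, 2 = medium, ...)
 * to its mandatory-label RID. The parameter is parenthesized so that an
 * expression argument (e.g. level + 1) expands as intended; single-token
 * uses expand exactly as before. */
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)

/* Allocate the System Luid. The first 1000 LUIDs are reserved.
   Use #999 here (0x3e7 = 999) */

/* Well-known logon-session LUIDs: {LowPart, HighPart}. */
#define SYSTEM_LUID {0x3e7, 0x0}
#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
#define LOCALSERVICE_LUID {0x3e5, 0x0}
#define NETWORKSERVICE_LUID {0x3e4, 0x0}
#define IUSER_LUID {0x3e3, 0x0}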
677
/* Common prefix of every ACE in an ACL. AceSize is the full size of the ACE
 * including this header and any trailing SID; when walking an ACL, check
 * that each AceSize is at least sizeof(ACE_HEADER) and that the ACE does not
 * run past ACL.AclSize before interpreting AceType. */
typedef struct _ACE_HEADER {
  $UCHAR AceType;   /* *_ACE_TYPE below */
  $UCHAR AceFlags;  /* inherit and audit flags below */
  $USHORT AceSize;  /* total size in bytes, header included */
} ACE_HEADER, *PACE_HEADER;
683
/* ACE types, grouped by the ACL revision that introduced them:
 * V2: 0x0..0x3, V3 adds 0x4, V4 (ACL_REVISION_DS) adds the object ACEs
 * 0x5..0x8, V5 adds the callback ACEs and the mandatory label ACE. Unknown
 * types must be skipped by AceSize rather than rejected, to stay compatible
 * with ACLs written by newer systems. */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
/* Note: ACCESS_MAX_MS_ACE_TYPE stays at the V4 maximum even though V5 types
 * are defined below; ACCESS_MAX_MS_V5_ACE_TYPE is the newer bound. */
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)

/* The following are the inherit flags that go into the AceFlags field
   of an Ace header. */

#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
/* INHERIT_ONLY_ACE: the ACE is a template for children and does not apply
 * to the object itself; an access check must skip such ACEs. */
#define INHERIT_ONLY_ACE (0x8)
#define INHERITED_ACE (0x10)
#define VALID_INHERIT_FLAGS (0x1F)

/* Audit-ACE flags (bits 6 and 7), only meaningful for SYSTEM_AUDIT/ALARM ACEs. */
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)
723
/* The five fixed-layout ACE types share one shape: header, access mask and
 * then the trustee SID in-line. SidStart is the first ULONG of that SID, so
 * the SID is addressed as (PSID)&Ace->SidStart and its length must fit in
 * Header.AceSize - FIELD_OFFSET(..., SidStart). */
typedef struct _ACCESS_ALLOWED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;   /* rights granted */
  $ULONG SidStart;    /* first ULONG of the trustee SID */
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;

typedef struct _ACCESS_DENIED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;   /* rights denied */
  $ULONG SidStart;
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;

typedef struct _SYSTEM_AUDIT_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;   /* rights whose use is audited (see SUCCESSFUL/FAILED_ACCESS_ACE_FLAG) */
  $ULONG SidStart;
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;

typedef struct _SYSTEM_ALARM_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  $ULONG SidStart;
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;

/* Integrity-label ACE (lives in the SACL). Mask holds the
 * SYSTEM_MANDATORY_LABEL_* policy bits rather than access rights, and the
 * SID is a S-1-16-<level> label SID. */
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;   /* SYSTEM_MANDATORY_LABEL_* policy */
  $ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;

#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
/* Any other bit in a label ACE's Mask is invalid. */
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
  SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
  SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
760
/* Size of the absolute (pointer-bearing) SECURITY_DESCRIPTOR declared below.
 * Because four of its fields are pointers this is 20 bytes on 32-bit and 40
 * on 64-bit builds; it is NOT the minimum size of a self-relative descriptor,
 * which is sizeof(SECURITY_DESCRIPTOR_RELATIVE) (20 bytes everywhere). */
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))

/* 16-bit bitmask of the SE_* flags below. */
typedef $USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;

#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
/* SE_DACL_PRESENT clear means "no DACL" (everyone gets full access), which
 * is different from a present but empty DACL (nobody gets access). */
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_UNTRUSTED 0x0040
#define SE_SERVER_SECURITY 0x0080
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
/* *_PROTECTED: the ACL does not receive inheritable ACEs from the parent. */
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
/* Set when the descriptor is in the SECURITY_DESCRIPTOR_RELATIVE layout
 * (offsets) rather than the absolute layout (pointers). Check this before
 * choosing which struct to interpret a descriptor buffer as. */
#define SE_SELF_RELATIVE 0x8000
781
/* Self-relative security descriptor: a single contiguous buffer in which the
 * Owner/Group/Sacl/Dacl fields are byte offsets from the start of the
 * structure (0 conventionally meaning "absent"). Its 20-byte layout is the
 * same on 32- and 64-bit builds, which is why it is the on-disk / on-the-wire
 * form. When such a descriptor comes from an untrusted source, every offset
 * plus the size of the object it points to must be checked against the
 * buffer length before use. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
  $UCHAR Revision;                      /* SECURITY_DESCRIPTOR_REVISION */
  $UCHAR Sbz1;                          /* reserved ("should be zero") */
  SECURITY_DESCRIPTOR_CONTROL Control;  /* SE_* flags, SE_SELF_RELATIVE set */
  $ULONG Owner;                         /* offset to owner SID */
  $ULONG Group;                         /* offset to group SID */
  $ULONG Sacl;                          /* offset to SACL, valid if SE_SACL_PRESENT */
  $ULONG Dacl;                          /* offset to DACL, valid if SE_DACL_PRESENT */
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
791
/* Absolute security descriptor: same header as the relative form, but the
 * four components are pointers to separately stored objects, so the layout
 * is pointer-size dependent (20 bytes on 32-bit, 40 on 64-bit). Not suitable
 * for persisting or transferring across a trust boundary. */
typedef struct _SECURITY_DESCRIPTOR {
  $UCHAR Revision;                      /* SECURITY_DESCRIPTOR_REVISION */
  $UCHAR Sbz1;                          /* reserved ("should be zero") */
  SECURITY_DESCRIPTOR_CONTROL Control;  /* SE_* flags, SE_SELF_RELATIVE clear */
  PSID Owner;
  PSID Group;
  PACL Sacl;                            /* NULL or valid only if SE_SACL_PRESENT */
  PACL Dacl;                            /* NULL or valid only if SE_DACL_PRESENT */
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
801
/* One node of the object-type tree used by object-ACE access checks
 * (e.g. directory-service property sets). Level is the node depth, 0 being
 * the object itself. */
typedef struct _OBJECT_TYPE_LIST {
  $USHORT Level;     /* ACCESS_OBJECT_GUID .. ACCESS_MAX_LEVEL */
  $USHORT Sbz;       /* reserved ("should be zero") */
  GUID *ObjectType;  /* type GUID of this node */
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;

/* Level values for OBJECT_TYPE_LIST.Level. */
#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
812
/* Audit category selector for access-check audit generation. */
typedef enum _AUDIT_EVENT_TYPE {
  AuditEventObjectAccess,
  AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

#define AUDIT_ALLOW_NO_PRIVILEGE 0x1

/* Source and object-type names used for directory-service audit records;
 * _A are narrow strings, _W the wide equivalents. */
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"

/* An ACCESS_REASON packs an ACCESS_REASON_TYPE in the high 16 bits and
 * reason-specific data (e.g. an ACE index) in the low 16 bits. */
#define ACCESS_REASON_TYPE_MASK 0xffff0000
#define ACCESS_REASON_DATA_MASK 0x0000ffff
827
/* High-16-bit reason codes (see ACCESS_REASON_TYPE_MASK) explaining why a
 * particular access bit was granted or denied. */
typedef enum _ACCESS_REASON_TYPE {
  AccessReasonNone = 0x00000000,
  AccessReasonAllowedAce = 0x00010000,
  AccessReasonDeniedAce = 0x00020000,
  AccessReasonAllowedParentAce = 0x00030000,
  AccessReasonDeniedParentAce = 0x00040000,
  AccessReasonMissingPrivilege = 0x00100000,
  AccessReasonFromPrivilege = 0x00200000,
  AccessReasonIntegrityLevel = 0x00300000,
  AccessReasonOwnership = 0x00400000,
  AccessReasonNullDacl = 0x00500000,   /* no DACL present: everything allowed */
  AccessReasonEmptyDacl = 0x00600000,  /* DACL present but empty: nothing allowed */
  AccessReasonNoSD = 0x00700000,
  AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;

/* ACCESS_REASON_TYPE | 16-bit data, see ACCESS_REASON_*_MASK. */
typedef $ULONG ACCESS_REASON;

/* One reason per bit of an ACCESS_MASK (32 entries). */
typedef struct _ACCESS_REASONS {
  ACCESS_REASON Data[32];
} ACCESS_REASONS, *PACCESS_REASONS;
849
/* SE_SECURITY_DESCRIPTOR.Flags bits; anything outside
 * SE_SECURITY_DESCRIPTOR_VALID_FLAGS is invalid. */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003

/* Security descriptor plus evaluation flags, as consumed by SE_ACCESS_REQUEST.
 * Size is the structure size and should be verified by the receiver. */
typedef struct _SE_SECURITY_DESCRIPTOR {
  $ULONG Size;                                /* sizeof(SE_SECURITY_DESCRIPTOR) */
  $ULONG Flags;                               /* SE_SECURITY_DESCRIPTOR_FLAG_* */
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
859
/* Inputs to an access check: the descriptor to evaluate, the requested and
 * already-granted masks, the SID substituted for PRINCIPAL_SELF, the generic
 * mapping for the object type and an optional object-type tree. */
typedef struct _SE_ACCESS_REQUEST {
  $ULONG Size;                                   /* sizeof(SE_ACCESS_REQUEST) */
  PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
  ACCESS_MASK DesiredAccess;                     /* may contain GENERIC_* bits */
  ACCESS_MASK PreviouslyGrantedAccess;
  PSID PrincipalSelfSid;                         /* replaces SECURITY_PRINCIPAL_SELF_RID ACEs */
  PGENERIC_MAPPING GenericMapping;               /* used to resolve GENERIC_* bits */
  $ULONG ObjectTypeListCount;                    /* entries in ObjectTypeList */
  POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
870
/* Token object access rights (object-specific low bits of an ACCESS_MASK).
 * TOKEN_DUPLICATE, TOKEN_IMPERSONATE and TOKEN_ASSIGN_PRIMARY each allow the
 * holder to act under the token's identity and should be granted with care. */
#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE (0x0002)
#define TOKEN_IMPERSONATE (0x0004)
#define TOKEN_QUERY (0x0008)
#define TOKEN_QUERY_SOURCE (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID (0x0100)

/* Pre-NT5 full access; does not include TOKEN_ADJUST_SESSIONID. */
#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
  TOKEN_ASSIGN_PRIMARY |\
  TOKEN_DUPLICATE |\
  TOKEN_IMPERSONATE |\
  TOKEN_QUERY |\
  TOKEN_QUERY_SOURCE |\
  TOKEN_ADJUST_PRIVILEGES |\
  TOKEN_ADJUST_GROUPS |\
  TOKEN_ADJUST_DEFAULT)

/* TOKEN_ALL_ACCESS gains TOKEN_ADJUST_SESSIONID when targeting anything newer
 * than NT 4.0 (_WIN32_WINNT > 0x0400) or when no target version is set. */
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P | TOKEN_ADJUST_SESSIONID)
#else
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#endif

#define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)

#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
  TOKEN_ADJUST_PRIVILEGES |\
  TOKEN_ADJUST_GROUPS |\
  TOKEN_ADJUST_DEFAULT)

/* Equals READ_CONTROL only (STANDARD_RIGHTS_EXECUTE is READ_CONTROL above). */
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
905
/* Whether a token is a process (primary) token or a thread impersonation
 * token. Starts at 1, so zero is never a valid TOKEN_TYPE. */
typedef enum _TOKEN_TYPE {
  TokenPrimary = 1,
  TokenImpersonation
} TOKEN_TYPE, *PTOKEN_TYPE;
910
/* Selector for token query/set operations. Values are implicit and start at
 * 1, so the numbering is part of the ABI: new classes must be appended just
 * before MaxTokenInfoClass, never inserted. MaxTokenInfoClass is one past
 * the last valid class and is the bound to range-check caller input against. */
typedef enum _TOKEN_INFORMATION_CLASS {
  TokenUser = 1,
  TokenGroups,
  TokenPrivileges,
  TokenOwner,
  TokenPrimaryGroup,
  TokenDefaultDacl,
  TokenSource,
  TokenType,
  TokenImpersonationLevel,
  TokenStatistics,
  TokenRestrictedSids,
  TokenSessionId,
  TokenGroupsAndPrivileges,
  TokenSessionReference,
  TokenSandBoxInert,
  TokenAuditPolicy,
  TokenOrigin,
  TokenElevationType,
  TokenLinkedToken,
  TokenElevation,
  TokenHasRestrictions,
  TokenAccessInformation,
  TokenVirtualizationAllowed,
  TokenVirtualizationEnabled,
  TokenIntegrityLevel,
  TokenUIAccess,
  TokenMandatoryPolicy,
  TokenLogonSid,
  TokenIsAppContainer,
  TokenCapabilities,
  TokenAppContainerSid,
  TokenAppContainerNumber,
  TokenUserClaimAttributes,
  TokenDeviceClaimAttributes,
  TokenRestrictedUserClaimAttributes,
  TokenRestrictedDeviceClaimAttributes,
  TokenDeviceGroups,
  TokenRestrictedDeviceGroups,
  TokenSecurityAttributes,
  TokenIsRestricted,
  MaxTokenInfoClass
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
954
/* Result shape for the TokenUser class: the token's user SID plus attributes. */
955 typedef struct _TOKEN_USER {
956 SID_AND_ATTRIBUTES User;
957 } TOKEN_USER, *PTOKEN_USER;
958
/* Variable-length group list: GroupCount entries follow in Groups (the MIDL size_is attribute
 * pins that relationship). Buffers must therefore be sized from GroupCount, not sizeof(TOKEN_GROUPS). */
959 typedef struct _TOKEN_GROUPS {
960 $ULONG GroupCount;
961 #ifdef MIDL_PASS
962 [size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*];
963 #else
964 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]; /* Trailing array placeholder; real length is GroupCount */
965 #endif
966 } TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
967
/* Variable-length privilege list, same trailing-array idiom as TOKEN_GROUPS:
 * presumably PrivilegeCount entries in Privileges (no MIDL annotation here to confirm it). */
968 typedef struct _TOKEN_PRIVILEGES {
969 $ULONG PrivilegeCount;
970 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
971 } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
972
/* Result shape for the TokenOwner class: default owner SID for objects created with this token. */
973 typedef struct _TOKEN_OWNER {
974 PSID Owner;
975 } TOKEN_OWNER, *PTOKEN_OWNER;
976
/* Result shape for the TokenPrimaryGroup class. */
977 typedef struct _TOKEN_PRIMARY_GROUP {
978 PSID PrimaryGroup;
979 } TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
980
/* Result shape for the TokenDefaultDacl class; the pointer may be NULL when no default DACL is set -- confirm. */
981 typedef struct _TOKEN_DEFAULT_DACL {
982 PACL DefaultDacl;
983 } TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
984
/* Combined result for the TokenGroupsAndPrivileges class. Each array comes with a Count and a
 * Length pair; the Length fields are presumably byte sizes of the pointed-to arrays -- confirm. */
985 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
986 $ULONG SidCount;
987 $ULONG SidLength;
988 PSID_AND_ATTRIBUTES Sids;
989 $ULONG RestrictedSidCount;
990 $ULONG RestrictedSidLength;
991 PSID_AND_ATTRIBUTES RestrictedSids; /* Restricting SIDs of a restricted token; count may be 0 */
992 $ULONG PrivilegeCount;
993 $ULONG PrivilegeLength;
994 PLUID_AND_ATTRIBUTES Privileges;
995 LUID AuthenticationId; /* Logon session id; the same field appears in TOKEN_STATISTICS and TOKEN_ACCESS_INFORMATION */
996 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
997
/* Result shape for the TokenLinkedToken class: a handle to the linked token.
 * NOTE(review): who is responsible for closing this handle is not stated here -- confirm. */
998 typedef struct _TOKEN_LINKED_TOKEN {
999 HANDLE LinkedToken;
1000 } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
1001
/* Result shape for the TokenElevation class; presumably non-zero means elevated. */
1002 typedef struct _TOKEN_ELEVATION {
1003 $ULONG TokenIsElevated;
1004 } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
1005
/* Integrity label of the token (TokenIntegrityLevel class, presumably): a SID plus attributes. */
1006 typedef struct _TOKEN_MANDATORY_LABEL {
1007 SID_AND_ATTRIBUTES Label;
1008 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
1009
/* Mandatory-policy bits. OFF is the absence of bits, not a bit of its own, so it is not part of
 * VALID_MASK; a Policy value with bits outside VALID_MASK (0x3) is malformed. */
1010 #define TOKEN_MANDATORY_POLICY_OFF 0x0
1011 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
1012 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
1013
1014 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
1015 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
1016
1017 #define POLICY_AUDIT_SUBCATEGORY_COUNT (56)
1018
/* Per-user audit policy blob. The array is (56 >> 1) + 1 = 29 bytes, which is consistent with
 * two subcategories packed per byte plus one spare byte -- the exact encoding is not shown here. */
1019 typedef struct _TOKEN_AUDIT_POLICY {
1020 $UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
1021 } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
1022
1023 #define TOKEN_SOURCE_LENGTH 8
1024
/* Identifies the subsystem that created the token. SourceName is a fixed 8-byte field and nothing
 * here guarantees a NUL terminator, so treat it as a fixed-width byte field, not a C string. */
1025 typedef struct _TOKEN_SOURCE {
1026 CHAR SourceName[TOKEN_SOURCE_LENGTH];
1027 LUID SourceIdentifier;
1028 } TOKEN_SOURCE, *PTOKEN_SOURCE;
1029
/* Result shape for the TokenStatistics class. The pshpack4/poppack pair forces 4-byte packing for
 * this struct only, presumably so the 64-bit ExpirationTime (LARGE_INTEGER) does not introduce
 * padding and the layout stays identical on 32- and 64-bit builds. */
1030 #include <pshpack4.h>
1031 typedef struct _TOKEN_STATISTICS {
1032 LUID TokenId;
1033 LUID AuthenticationId; /* Logon session id */
1034 LARGE_INTEGER ExpirationTime;
1035 TOKEN_TYPE TokenType;
1036 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
1037 $ULONG DynamicCharged;
1038 $ULONG DynamicAvailable;
1039 $ULONG GroupCount;
1040 $ULONG PrivilegeCount;
1041 LUID ModifiedId; /* Same identity triple (TokenId, AuthenticationId, ModifiedId) as TOKEN_CONTROL */
1042 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
1043 #include <poppack.h>
1044
/* Compact identity of a token: the three LUIDs also found in TOKEN_STATISTICS plus its source.
 * ModifiedId presumably changes whenever the token is altered, which lets a holder of a
 * TOKEN_CONTROL detect that a captured token has been modified since -- confirm. */
1045 typedef struct _TOKEN_CONTROL {
1046 LUID TokenId;
1047 LUID AuthenticationId;
1048 LUID ModifiedId;
1049 TOKEN_SOURCE TokenSource;
1050 } TOKEN_CONTROL, *PTOKEN_CONTROL;
1051
/* Result shape for the TokenOrigin class: the logon session the token originated from. */
1052 typedef struct _TOKEN_ORIGIN {
1053 LUID OriginatingLogonSession;
1054 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
1055
/* Integrity levels, numbered from Untrusted (0) upwards. The names suggest the values are ordered
 * by trust, so code that compares levels numerically presumably relies on this order: insert new
 * levels only where the ordering stays monotonic. MandatoryLevelCount (6) is the exclusive bound. */
1056 typedef enum _MANDATORY_LEVEL {
1057 MandatoryLevelUntrusted = 0,
1058 MandatoryLevelLow,
1059 MandatoryLevelMedium,
1060 MandatoryLevelHigh,
1061 MandatoryLevelSystem,
1062 MandatoryLevelSecureProcess,
1063 MandatoryLevelCount /* Not a level; use for range checks */
1064 } MANDATORY_LEVEL, *PMANDATORY_LEVEL;
1065
1066 $endif(_NTIFS_ || _WINNT_)
1067 $if(_NTIFS_)
1068
/* Output side of an access check (input is SE_ACCESS_REQUEST). The four pointers look like
 * parallel arrays of ResultListCount entries, one per object type in the request -- confirm. */
1069 typedef struct _SE_ACCESS_REPLY {
1070 $ULONG Size; /* Size of this structure in bytes */
1071 $ULONG ResultListCount;
1072 PACCESS_MASK GrantedAccess; /* Rights actually granted per result */
1073 PNTSTATUS AccessStatus; /* Status per result */
1074 PACCESS_REASONS AccessReason;
1075 PPRIVILEGE_SET* Privileges; /* Privileges used to satisfy each result; pointer-to-pointer, so entries may be NULL -- confirm */
1076 } SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
1077
/* Operation being audited (see SE_AUDIT_INFO.AuditOperation). Implicit values start at 0; the
 * trailing comma after the last enumerator is valid C99 and keeps appends diff-friendly. */
1078 typedef enum _SE_AUDIT_OPERATION {
1079 AuditPrivilegeObject,
1080 AuditPrivilegeService,
1081 AuditAccessCheck,
1082 AuditOpenObject,
1083 AuditOpenObjectWithTransaction,
1084 AuditCloseObject,
1085 AuditDeleteObject,
1086 AuditOpenObjectForDelete,
1087 AuditOpenObjectForDeleteWithTransaction,
1088 AuditCloseNonObject,
1089 AuditOpenNonObject,
1090 AuditObjectReference,
1091 AuditHandleCreation,
1092 } SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
1093
/* Parameters for generating a security audit record.
 * NOTE(review): Size and AuditFlags use plain ULONG where every sibling struct in this file uses
 * the $ULONG template placeholder -- looks unintentional, confirm which is meant here. */
1094 typedef struct _SE_AUDIT_INFO {
1095 ULONG Size; /* Size of this structure in bytes */
1096 AUDIT_EVENT_TYPE AuditType;
1097 SE_AUDIT_OPERATION AuditOperation;
1098 ULONG AuditFlags;
1099 UNICODE_STRING SubsystemName; /* Counted strings: use Length, never assume NUL termination */
1100 UNICODE_STRING ObjectTypeName;
1101 UNICODE_STRING ObjectName;
1102 PVOID HandleId;
1103 GUID* TransactionId; /* Optional -- presumably NULL when no transaction is involved */
1104 LUID* OperationId;
1105 BOOLEAN ObjectCreation;
1106 BOOLEAN GenerateOnClose;
1107 } SE_AUDIT_INFO, *PSE_AUDIT_INFO;
1108
/* Result shape for the TokenMandatoryPolicy class; Policy presumably holds the
 * TOKEN_MANDATORY_POLICY_* bits and should be validated against TOKEN_MANDATORY_POLICY_VALID_MASK. */
1109 typedef struct _TOKEN_MANDATORY_POLICY {
1110 $ULONG Policy;
1111 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
1112
/* Result shape for the TokenAccessInformation class: everything an access check needs from a
 * token, with SID lists in hashed form. */
1113 typedef struct _TOKEN_ACCESS_INFORMATION {
1114 PSID_AND_ATTRIBUTES_HASH SidHash;
1115 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
1116 PTOKEN_PRIVILEGES Privileges;
1117 LUID AuthenticationId;
1118 TOKEN_TYPE TokenType;
1119 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
1120 TOKEN_MANDATORY_POLICY MandatoryPolicy;
1121 $ULONG Flags; /* Presumably the TOKEN_HAS_* / TOKEN_IS_* bits defined right below -- confirm */
1122 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
1123
/* Token flag bits, one distinct bit each (0x0001 .. 0x2000). The TOKEN_IS_RESTRICTED,
 * TOKEN_WRITE_RESTRICTED and TOKEN_IS_FILTERED bits mark tokens whose effective rights are reduced
 * relative to their group list; SE_BACKUP_PRIVILEGES_CHECKED breaks the TOKEN_ prefix convention. */
1124 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
1125 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
1126 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
1127 #define TOKEN_WRITE_RESTRICTED 0x0008
1128 #define TOKEN_IS_RESTRICTED 0x0010
1129 #define TOKEN_SESSION_NOT_REFERENCED 0x0020
1130 #define TOKEN_SANDBOX_INERT 0x0040
1131 #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
1132 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
1133 #define TOKEN_VIRTUALIZE_ALLOWED 0x0200
1134 #define TOKEN_VIRTUALIZE_ENABLED 0x0400
1135 #define TOKEN_IS_FILTERED 0x0800
1136 #define TOKEN_UIACCESS 0x1000
1137 #define TOKEN_NOT_LOW 0x2000
1138
/* Table of well-known privilege LUIDs and SIDs published by the security subsystem. Consumers
 * reach it through PSE_EXPORTS, so member order is presumably ABI: later additions were appended
 * at the end rather than grouped with their kind (see SeUndockPrivilege onwards). */
1139 typedef struct _SE_EXPORTS {
1140 LUID SeCreateTokenPrivilege;
1141 LUID SeAssignPrimaryTokenPrivilege;
1142 LUID SeLockMemoryPrivilege;
1143 LUID SeIncreaseQuotaPrivilege;
1144 LUID SeUnsolicitedInputPrivilege;
1145 LUID SeTcbPrivilege;
1146 LUID SeSecurityPrivilege;
1147 LUID SeTakeOwnershipPrivilege;
1148 LUID SeLoadDriverPrivilege;
1149 LUID SeCreatePagefilePrivilege;
1150 LUID SeIncreaseBasePriorityPrivilege;
1151 LUID SeSystemProfilePrivilege;
1152 LUID SeSystemtimePrivilege;
1153 LUID SeProfileSingleProcessPrivilege;
1154 LUID SeCreatePermanentPrivilege;
1155 LUID SeBackupPrivilege;
1156 LUID SeRestorePrivilege;
1157 LUID SeShutdownPrivilege;
1158 LUID SeDebugPrivilege;
1159 LUID SeAuditPrivilege;
1160 LUID SeSystemEnvironmentPrivilege;
1161 LUID SeChangeNotifyPrivilege;
1162 LUID SeRemoteShutdownPrivilege;
1163 PSID SeNullSid; /* Well-known SIDs begin here */
1164 PSID SeWorldSid;
1165 PSID SeLocalSid;
1166 PSID SeCreatorOwnerSid;
1167 PSID SeCreatorGroupSid;
1168 PSID SeNtAuthoritySid;
1169 PSID SeDialupSid;
1170 PSID SeNetworkSid;
1171 PSID SeBatchSid;
1172 PSID SeInteractiveSid;
1173 PSID SeLocalSystemSid;
1174 PSID SeAliasAdminsSid;
1175 PSID SeAliasUsersSid;
1176 PSID SeAliasGuestsSid;
1177 PSID SeAliasPowerUsersSid;
1178 PSID SeAliasAccountOpsSid;
1179 PSID SeAliasSystemOpsSid;
1180 PSID SeAliasPrintOpsSid;
1181 PSID SeAliasBackupOpsSid;
1182 PSID SeAuthenticatedUsersSid;
1183 PSID SeRestrictedSid;
1184 PSID SeAnonymousLogonSid;
1185 LUID SeUndockPrivilege; /* Appended members: privileges and SIDs interleave from here on */
1186 LUID SeSyncAgentPrivilege;
1187 LUID SeEnableDelegationPrivilege;
1188 PSID SeLocalServiceSid;
1189 PSID SeNetworkServiceSid;
1190 LUID SeManageVolumePrivilege;
1191 LUID SeImpersonatePrivilege;
1192 LUID SeCreateGlobalPrivilege;
1193 LUID SeTrustedCredManAccessPrivilege;
1194 LUID SeRelabelPrivilege;
1195 LUID SeIncreaseWorkingSetPrivilege;
1196 LUID SeTimeZonePrivilege;
1197 LUID SeCreateSymbolicLinkPrivilege;
1198 PSID SeIUserSid;
1199 PSID SeUntrustedMandatorySid; /* Integrity-level SIDs, in the same order as MANDATORY_LEVEL */
1200 PSID SeLowMandatorySid;
1201 PSID SeMediumMandatorySid;
1202 PSID SeHighMandatorySid;
1203 PSID SeSystemMandatorySid;
1204 PSID SeOwnerRightsSid;
1205 } SE_EXPORTS, *PSE_EXPORTS;
1206
/* Callback invoked when a logon session ends; receives the session's LUID and returns NTSTATUS. */
1207 typedef NTSTATUS
1208 (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
1209 IN PLUID LogonId);
1210
/* Captured security context of a client, used by a server to impersonate it. */
1211 typedef struct _SECURITY_CLIENT_CONTEXT {
1212 SECURITY_QUALITY_OF_SERVICE SecurityQos; /* Impersonation level and tracking mode requested by the client */
1213 PACCESS_TOKEN ClientToken; /* The client's token (opaque PVOID); ownership is not stated in this header */
1214 BOOLEAN DirectlyAccessClientToken; /* Whether ClientToken is the client's own token rather than a copy -- presumably */
1215 BOOLEAN DirectAccessEffectiveOnly;
1216 BOOLEAN ServerIsRemote;
1217 TOKEN_CONTROL ClientTokenControl; /* NOTE(review): looks like a snapshot (incl. ModifiedId) taken at capture time so later changes to the token can be detected -- confirm */
1218 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
1219
1220 $endif (_NTIFS_)